From: Mannan Venkatesan (mv_lab@xxxxxxxxxxx)
Date: Fri Mar 15 2002 - 13:11:52 GMT-3
Guys,
One of my friends brought up a good question and we tested it. Here it goes,
D1-----R1----------R2-----D2
R1 is connected to R2 through a P-t-P serial link. I used 10.1.1.1/24 address on
R1's serial interface and R2 had 20.2.2.2/24. R1 has a static route to D2
(desktop) with next-hop 10.1.1.2 (non-existent address). R2 has a static route to
D1 with next-hop 20.2.2.1 (non-existent address again).
When I tried to ping D2 from D1, R1 and R2 never change the source and
destination address (normal behavior) and it worked with R1 and R2 directly
connected using totally different network addresses.
Of course this will not work if the routers originate any packet, but they
don't do any check if the packets are originated from desktops. Is it kind of a
security hole?
Regards,
Mannan Venkatesan
CCIE # 8906, CCNP, CCDP,
Lucent Technologies - ESS
King of Prussia,
Pager: 888-663-3853
Email: mv70@lucent.com
Epage: page_mannan_venkatesan@ins.com
"You can swim all day in the Sea of Knowledge and still come out completely
dry. Most people do."
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:09 GMT-3
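
Added example, not part of the original message: a small Python model of the test described above, showing that forwarding depends only on the destination lookup and on the next hop resolving to an interface. The serial addresses and next hops are from the post; the LAN subnets, host addresses and interface names are assumptions, as is the simplification that a next hop on the point-to-point link is resolved only as far as the outgoing interface.

```python
import ipaddress as ip

class Router:
    def __init__(self, connected, static):
        # interface name -> directly connected network
        self.connected = {i: ip.ip_network(n) for i, n in connected.items()}
        # destination network -> configured next-hop address
        self.static = {ip.ip_network(d): nh for d, nh in static.items()}

    def egress(self, dst, depth=0):
        """Outgoing interface for dst, or None if there is no usable route."""
        addr = ip.ip_address(dst)
        for ifname, net in self.connected.items():
            if addr in net:
                return ifname
        for net, next_hop in self.static.items():
            # The next hop only has to resolve to an interface; on a
            # point-to-point link nothing checks that a neighbor owns it.
            if addr in net and depth < 4:
                return self.egress(next_hop, depth + 1)
        return None

# Serial networks and next hops from the post; LAN subnets and hosts are assumed.
D1, D2 = "192.168.1.10", "192.168.2.10"
ROUTERS = {
    "R1": Router({"Serial0": "10.1.1.0/24", "Eth0": "192.168.1.0/24"},
                 {"192.168.2.0/24": "10.1.1.2"}),
    "R2": Router({"Serial0": "20.2.2.0/24", "Eth0": "192.168.2.0/24"},
                 {"192.168.1.0/24": "20.2.2.1"}),
}
# The serial link: whatever leaves one end arrives at the other.
P2P = {("R1", "Serial0"): "R2", ("R2", "Serial0"): "R1"}

def deliver(dst, start):
    """Forward by destination only; return (delivered, routers traversed)."""
    node, path = start, []
    for _ in range(8):  # hop limit
        path.append(node)
        out = ROUTERS[node].egress(dst)
        if out is None:
            return False, path      # no route: dropped
        if (node, out) not in P2P:
            return True, path       # LAN interface: handed to the host
        node = P2P[(node, out)]
    return False, path

def ping(src, dst, src_router, dst_router):
    """Echo request toward dst, then echo reply toward src."""
    return deliver(dst, src_router)[0] and deliver(src, dst_router)[0]

if __name__ == "__main__":
    print("D1 -> D2:", ping(D1, D2, "R1", "R2"))
    print("R1 serial -> D2:", ping("10.1.1.1", D2, "R1", "R2"))
```

In this model the desktop-to-desktop ping succeeds in both directions, while a ping sourced from R1's serial address fails on the reply because R2 has no route to 10.1.1.0/24.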